Citrix NetScaler A foundation for next-generation datacenter security
|
|
- Blaze Parrish
- 6 years ago
- Views:
Transcription
1 Citrix NetScaler Citrix NetScaler A foundation for next-generation datacenter security
2 2 Introduction The need for robust datacenter security has never been greater. Traditional challenges and concerns including extensive regulatory requirements, the rise of targeted attacks, and the continuing erosion of perimeter-centric security models are now being joined by the need to account for highly dynamic enterprise cloud architectures and flat networks with fewer, natural choke points. Add the ever-present budgetary pressures to do more with less, and it becomes clear that the foundation for stronger security must be built using existing datacenter infrastructure. Citrix NetScaler, the best application delivery controller (ADC) for building enterprise cloud networks, is precisely such a solution. Already a strategic component in thousands of enterprise datacenters, NetScaler delivers an extensive portfolio of essential datacenter security capabilities. Moreover, it minimizes the need for enterprises to invest in a large number of expensive, standalone security solutions. NetScaler not only provides critically important application security, network/ infrastructure security, and identity and access management, but also supports a rich ecosystem of partner products to cover adjacent security domains. NetScaler Datacenter Security Capabilities Application Security NetScaler Application Firewall Data Loss Protection Layer 7 Attack Protection Network/Infrastructure Security No Compromise SSL DNS Security Layer 4 Attack Protection Identity and Access Management Security Fabric / Partner Ecosystem The net result is a strong foundation for next-generation datacenter security that is also cost effective. NetScaler for Application Security Security practitioners are justifiably investing substantial time, effort, and money on application-layer security. After all, attacks against vulnerable applicationlayer services, faulty business logic, and valuable data have proven quite fruitful. Accordingly, NetScaler incorporates numerous app-layer protections, including a fullfeatured application firewall, data loss protection, and countermeasures for thwarting denial-of-service (DoS) and other Layer 7 attacks.
3 3 NetScaler Application Firewall Traditional network firewalls lack the visibility and control required to protect against the more than 70 percent of Internet attacks that target application-layer vulnerabilities. This is the rationale behind the NetScaler Application Firewall, a comprehensive ICSA-certified web application security solution that blocks known and unknown attacks against web and web services applications. Employing a hybrid security model and analyzing all bi-directional traffic, including SSL-encrypted communications, Application Firewall counteracts a broad range of security threats without requiring any modifications to applications. Hybrid security model. A combination of both positive and negative security models provides the most complete protection against all modes of attack. To defeat new, unpublished exploits, a positive-model policy engine that understands permissible user-app interactions automatically blocks all traffic falling outside this scope. Complementing this, a negative model engine uses attack signatures to guard against known threats to applications. XML protection. In addition to blocking common threats that can be adapted for attacking XML-based apps (e.g., cross-site scripting, command injection, etc.), Application Firewall incorporates a rich set of XML-specific protections. These include: schema validation to thoroughly verify SOAP messages and XML payloads, the ability to block XML attachments containing malicious executables, defense against XPath injection techniques for gaining unauthorized access, and the ability to thwart related DoS attacks (e.g., excessive recursion). Advanced protection for dynamic elements. Augmenting the default protection profile, an advanced profile provides essential security for applications that process user-specific content Multiple, session-aware protections secure dynamic application elements such as cookies, form fields, and session-specific URLs, thereby thwarting attacks that target the trust relationship between client and server (e.g., cross-site request forgery). Application dynamism is handled by the positive security engine, and secured without explicitly defining each dynamic element in the policy. Because only exceptions need to be learned, configuration is easier and change management is simplified. Tailored security policies. An advanced learning engine automatically determines the expected behavior of enterprise web applications and generates human-readable policy recommendations. Administrators can then tailor the security policy to the unique requirements of each application, and avoid potential false-positive events. Ensured compliance. Application Firewall enables enterprises to achieve compliance with data security mandates such as the Payment Card Industry Data Security Standard, which explicitly encourages the use of web app firewalls for public-facing applications that handle credit card information. Detailed reports can be generated to document all protections defined in the firewall policy that pertain to PCI mandates. Zero-compromise performance. The industry s highest performing web application security solution delivers up to 12 Gbps of comprehensive protection without degrading application response times. In addition, NetScaler improves
4 4 application performance through advanced acceleration technologies (e.g., content caching) and server offload capabilities (e.g., TCP connection management, SSL encryption/decryption, and data compression). Fully integrated architecture. More than simply deployed on the NetScaler platform, Application Firewall is tightly integrated with it. Object and policy level sharing simplify administration, while system-level process sharing ensures high performance by avoiding the need for multi-pass packet processing. Data Loss Protection Unexpected leakage of sensitive data in application server responses results from a successful attack against the application, a flaw in the application s design, or misuse by an authorized user. A prudent step for enterprises to take, and an essential part of a defense-in-depth security strategy, is to actively guard against such leakage. NetScaler facilitates this requirement with a straightforward, easy-to-use data loss protection capability. Safe Object data checks, an integral feature of the NetScaler Application Firewall, provide administrator-configurable protection for sensitive business information, such as social security numbers, order codes, and country/region-specific telephone numbers. An administrator-defined regular expression or custom plug-in tells the application firewall the format of this information and defines the rules to be used to protect against leakage. If a string in a user request matches a safe object definition, the application firewall can then take appropriate action, including Block the response Mask the protected information Remove the protected information from the response before sending it to the user Different actions can be specified for each individual Safe Object rule. NetScaler also provides Credit Card check to prevent inadvertent leakage of credit card numbers. Inspection of header information and payload data provides the thoroughness needed to avoid false negatives, while algorithmic string matching delivers the high-accuracy detection needed to avoid false positives. If a credit card number is discovered, and the administrator has not allowed credit cards numbers to be sent for the app in question, then the response can be blocked in its entirety, or the firewall can be set to mask all but the last 4 digits of the number (e.g., xxxx-xxxxxxxx-5678). NetScaler Figure 1: NetScaler protects against the leakage of confidential customer information.
5 5 The net result is another powerful feature set IT security teams can use not only to monitor for misuse events and successful attacks, but also to substantially limit their impact. Additional Layer 7 Attack Protection NetScaler includes several additional mechanisms that provide application-layer attack protection. HTTP protocol validations. Enforcing RFC compliance and best practices for HTTP use is a highly effective way that NetScaler eliminates an entire swathe of attacks based on malformed requests and illegal HTTP protocol behavior. Additional custom checks can also be added to the security policy by taking advantage of integrated content filtering, custom response actions, and bi-directional HTTP re-write capabilities. Potential use cases expand to include: preventing users from accessing specified parts of a web site unless they are connecting from authorized locations; defending against HTTP-based threats (e.g., Nimda, Code Red), and removing information from server responses that could be used to perpetrate an attack. NetScaler Figure 2: Citrix NetScaler secures web applications. HTTP DoS protection. An innovative method is used to mitigate HTTP GET floods. When an attack condition is detected (based on a configurable threshold for queued requests), a tunable percentage of clients is sent a low-impact computational challenge. This challenge is designed such that legitimate clients can easily respond to it properly, but dumb DoS drones cannot. This enables NetScaler to distinguish bogus requests from requests sent by legitimate application users. Adaptive timeouts and other mechanisms can also be employed to defend against other types of DoS threats, such as SlowRead and SlowPost attacks. Rate limiting (and more). One approach for thwarting DoS attacks is to keep network and servers from overloading by throttling or redirecting traffic that exceeds a specified limit. To that end, AppExpert rate controls trigger NetScaler policies based on connection, request, or data rates either to or from a given resource (i.e., virtual server, domain, or URL). Closely related capabilities include: Surge protection for dampening the impact of traffic spikes on servers Priority queuing to ensure that critical resources are served ahead of non-critical resources during periods of high demand
6 6 NetScaler for Network and Infrastructure Security NetScaler also incorporates several network and infrastructure-oriented security capabilities. Most notable among these are extensive support for SSL-based encryption, DNS security, and Layer 4 attack protection. No-Compromise SSL Whether it s to ensure app delivery policies are fully applied to encrypted traffic and/or to offload back-end server infrastructure, ADCs must include the ability to process SSL-based traffic. Simply having basic functionality in this area is no longer sufficient, however, as two factors are driving SSL processing requirements to the point of over stressing infrastructure resources. First, enterprises are increasingly adopting an SSL Everywhere posture. Typically pursued to pacify customer concerns and counteract hacking tools such as Firesheep, this is where encryption is used not only for the sensitive parts of an app, such as a login page, but for the entire application surface area. The result is a dramatically growing SSL footprint. The second issue involves the deprecation of 1024-bit encryption keys in favor of 2048-bit (and larger) keys. Consistent with guidance issued by the U.S. National Institute of Standards and Technology (NIST), this transition is also being driven by leading browser vendors plans to not support websites using certificates with keys weaker than 2048 bits beyond December 31, The impact in this case is an exponential increase in strength of encryption, but at a cost of least 5 times greater processing demands. NetScaler appliances address both of these trends. By incorporating dedicated SSL acceleration hardware with support for both 2048 and 4096 bit keys, NetScaler delivers essential encryption capabilities that avoid the need to make tradeoffs between having stronger security and maintaining a high-performance user experience. SSL Performance Demand Social Networks SSL Protected Apps Web Mail SaaS Enterprise Banking Log-in Transaction Full Session Entire Site Application Surface Area Protected by SSL Figure 3: SSL everywhere increases security and performance requirements.
7 7 Another related feature is policy-based encryption. With this capability, administrators can configure NetScaler to automatically encrypt portions of legacy web apps that were originally designed to not use encryption, but now warrant it. For those organizations requiring a high-level of cryptographic assurance, NetScaler is also available in FIPS 140-2, Level 2 compliant models. DNS Security DNS is an essential infrastructure service for the modern datacenter. In the absence of a robust, secure DNS implementation, the availability and accessibility of key services and applications is put in jeopardy. In addition to providing high-scale load balancing of an organization s internal DNS servers when operating in DNS proxy mode, NetScaler can also be configured to operate as an authoritative DNS (ADNS) server to directly handle name and IP resolution requests. In either deployment scenario, NetScaler delivers a robust, secure implementation based on the following features: Hardened design Designed from the start as a hardened service, NetScaler s implementation of DNS is not based on open source BIND, and, therefore, not subject to the vulnerabilities routinely discovered in BIND. RFC compliance/enforcement NetScaler performs full DNS protocol validation and enforcement to automatically block attacks leveraging malformed DNS requests, or other types of DNS misuse. Native DNS rate limiting To help prevent DNS flood attacks, policies can be set to rate limit or drop queries based on configured parameters. This control can be implemented based on query type and/or domain name a feature that enables enterprises and service providers serving multiple domains to establish separate policies for each. Cache poisoning protection with DNSSEC Response hi-jacking is a serious class of threats that involves hackers injecting forged records into a DNS server, thereby poisoning its cache. These records then direct users to a hacker-controlled site that serves malicious content or otherwise attempts to harvest valuable account and password information. NetScaler guards against this type of threat with two powerful protections: Built-in support for DNSSEC that can be implemented for both ADNS and proxy DNS configurations. NetScaler enables response signing so that resolving clients can subsequently validate authenticity and integrity of the response. This standards-based approach eliminates the introduction of forged records into an otherwise vulnerable DNS cache. Randomizing DNS transaction IDs and source port information makes it difficult for a hacker to insert the necessary information into a request and corrupt DNS records.
8 8 Layer 4 Attack Protection NetScaler protects against network-layer DoS attacks by ensuring that back-end resources are not allocated until a legitimate client connection has been established and a valid request has been received. For example, NetScaler s defense against TCP-based SYN floods is based primarily on allocating resources only after a three-way TCP handshake between the client and NetScaler appliance has been fully completed, and secondarily on having a performance-optimized, security-enhanced implementation of SYN cookies. In addition, a hardware platform and operating system architecture capable of processing millions of SYN packets per second provides assurance that NetScaler itself does not succumb to such attacks. Other network-layer security protections include: (a) layer 3 and 4 access control lists (ACLs) that can allow necessary application traffic while blocking everything else, (b) the rate limiting, surge protection, and priority queuing capabilities discussed previously, and (c) a high performance, standards-compliant TCP/IP stack that has been enhanced to: Automatically drop malformed traffic that could pose a threat to backend resources. Prevent disclosure of connection and host-based information (e.g., server addresses and ports) that could prove useful to hackers intent on perpetrating an attack. Automatically thwart a multitude of DoS threats, including ICMP flood, pipeline, teardrop, land, fraggle, small/zero window, and zombie connection attacks. AAA for Application Delivery Although having robust network, infrastructure, and application layer coverage is essential to achieving effective datacenter security, it is simply not enough. Another dimension IT security teams need to account for is the user layer. NetScaler delivers an extensive set of AAA functionality: Authentication capabilities for validating user identities. Authorization for verifying and enforcing which specific resources each user is allowed to access. Auditing capabilities to keep a detailed record of each user s activities (i.e., for troubleshooting, reporting, and compliance purposes). The strength of the NetScaler AAA solution is not only its broad capabilities, such as support for password changes and a wide variety of authentication mechanisms (e.g., local, RADIUS, LDAP, TACACS, certificates, NTLM/Kerberos, and SAML/ SAML2). More importantly, NetScaler centralizes and consolidates these services across applications. Rather than implementing, enforcing, and managing these controls individually for every application, administrators can take care of everything in one place. Advantages of this approach include the ability to: Improve server performance Server load can be reduced and application performance improved as back-end resources are freed from having to perform AAA tasks.
9 9 Add security to legacy apps Critical security functionality can be added to legacy apps lacking native AAA capabilities. Modern apps also benefit from a greater array of choices such as having the ability to incorporate stronger authentication or more granular logging without modifying the application. Deliver a consistent user experience The user experience can be homogenized by standardizing authentication mechanisms, parameters (e.g., timeouts), and policies (e.g., for handling failed attempts) across sets of applications. Enable single sign-on (SSO) Users need only log in once, as NetScaler transparently logs them in to all of the resources within a given domain. Enhance security Numerous opportunities exist to strengthen security, including: enabling multi-factor or secondary authentication mechanisms; implementing secure logout (i.e., where authentication cookies automatically timeout); and enforcing consistent policies across different sets of users and/or resources. Simplify security design Having just one place (rather than 10 s or 100 s of them) to implement and manage AAA services significantly streamlines administration and reduces the potential for errors that lead to gaps in an organization s defenses. Establishing a Security Fabric with NetScaler Partner Products NetScaler s value as a datacenter security solution is strengthened by a rich ecosystem of partner products. Key examples include: Reporting and analytics A standards-based technology, NetScaler AppFlow extends the TCP-level information already captured by IPFIX the IETF standard for NetFlow to include per flow application-layer data records. Completely non-intrusive, AppFlow eliminates the need for proprietary taps, software agents, or additional devices by leveraging an organization s existing NetScaler infrastructure to provide insight into who is using which resources, when, and to what extent. Splunk, a Citrix Ready Partner, consumes AppFlow data in its Splunk for NetScaler with AppFlow solution to enable analysis and reporting of security related details such as: SSL VPN and application firewall events, policy violations, and resources under attack. Security information and event management (SIEM) NetScaler App Firewall also supports the Common Event Format (CEF) and syslog for data output to third-party solutions. One common use case is the processing of NetScaler event and log information by leading SIEM platforms (e.g., HP ArcSight and RSA envision) for operational security and compliance management purposes. Vulnerability management HailStorm and ClickToSecure from Citrix Ready Partner Cenzic provide dynamic, black-box testing of web sites to generate vulnerability information. In this instance, the partnership has led to simplified import of Cenzic scan results into the NetScaler Application Firewall for configuring rules to protect against threats that target vulnerabilities discovered in applications and services.
10 10 A handful of other representative partners and their technologies include: RSA (Adaptive Authentication), Qualys (vulnerability management), Sourcefire (IPS and real-time network awareness), TrendMicro (AV and web security), and Venafi (key/ certificate management). The bottom line is that these, and a host of other available partner solutions, enable enterprises to build on the foundation provided by NetScaler to establish a complete datacenter security fabric. Conclusion Ongoing budget constraints and a mounting requirement for increasingly robust datacenter security have created a scenario where enterprises need to do more for less. Citrix NetScaler, the best application delivery controller for building enterprise cloud networks, is a perfect fit for this situation. Combining an extensive portfolio of application, network, and user layer security capabilities with a rich ecosystem of interoperable partner products, NetScaler enables today s enterprises to leverage their existing infrastructure to establish and extend upon a robust, cost-effective foundation for next-generation datacenter security. Corporate Headquarters Fort Lauderdale, FL, USA Silicon Valley Headquarters Santa Clara, CA, USA EMEA Headquarters Schaffhausen, Switzerland India Development Center Bangalore, India Online Division Headquarters Santa Barbara, CA, USA Pacific Headquarters Hong Kong, China Latin America Headquarters Coral Gables, FL, USA UK Development Center Chalfont, United Kingdom About Citrix Citrix Systems, Inc. (NASDAQ:CTXS) transforms how businesses and IT work and people collaborate in the cloud era. With market-leading cloud, collaboration, networking and virtualization technologies, Citrix powers mobile workstyles and cloud services, making complex enterprise IT simpler and more accessible for 260,000 organizations. Citrix products touch 75 percent of Internet users each day and it partners with more than 10,000 companies in 100 countries. Annual revenue in 2011 was $2.21 billion. Learn more at Citrix Systems, Inc. All rights reserved. Citrix and NetScaler are trademarks or registered trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners. 0912/PDF
Guide to Deploying NetScaler as an Active Directory Federation Services Proxy
Deployment Guide Guide to Deploying NetScaler as an Active Directory Federation Services Proxy Enabling seamless authentication for Office 365 use cases Table of Contents Introduction 3 ADFS proxy deployment
More informationWhat is an application delivery controller?
What is an application delivery controller? ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery
More informationCitrix NetScaler AppFirewall and Web App Security Service
Data Sheet Citrix NetScaler AppFirewall and Web App Security Service Citrix NetScaler AppFirewall TM is a comprehensive full function ICSA, Common Criteria, FIPS-certified web application firewall that
More informationDesktop virtualization for all
Desktop virtualization for all 2 Desktop virtualization for all Today s organizations encompass a diverse range of users, from road warriors using laptops and mobile devices as well as power users working
More informationCitrix CloudBridge Product Overview
Product Overview Product Overview Businesses rely on branch offices to serve customers, to be near partners and suppliers and to expand into new markets. As server and desktop virtualization increase and
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationDeploying NetScaler with Microsoft Exchange 2016
Deployment Guide Deploying NetScaler with Microsoft Exchange 2016 Deployment Guide Load balancing Microsoft Exchange 2016 with NetScaler Table of Contents Introduction 3 Configuration 5 NetScaler features
More informationCitrix Education Learning Journey
Citrix Education Learning Journey The road to becoming Citrix Certified doesn t need to be long and winding. Use our simple-to-follow learning paths to guide your Learning Journey. Getting started is easy.
More informationEmpower a Mobile Workforce with Secure App Delivery
Empower a Mobile Workforce with Secure App Delivery Empowering people to use Windows applications on any type of device with full security. For convenience and productivity, many people expect to use their
More informationTop three reasons to deliver web apps with application virtualization
Top three reasons to deliver web apps with application virtualization Securely deliver browser-based apps while improving manageability and user experience Web browsers can cause many of the same headaches
More informationA comprehensive security solution for enhanced mobility and productivity
A comprehensive security solution for enhanced mobility and productivity coupled with NetScaler Unified Gateway and StoreFront lets organizations upgrade their business security beyond usernames and passwords,
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More informationCitrix Education Learning Journey
Citrix Education Learning Journey The road to becoming Citrix Certified doesn t need to be long and winding. Use our simple-to-follow learning paths to guide your Learning Journey. Getting started is easy.
More informationSecure app and data delivery across devices, networks and locations
Secure app and data delivery across devices, networks and locations How XenApp dramatically simplifies data protection, access control and other critical security tasks. citrix.com Most discussions of
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationWhite Paper. Why choose NetScaler. Discover 9 ways NetScaler outperforms the competition. citrix.com
Discover 9 ways NetScaler outperforms the competition. Today s enterprises face new requirements for their datacenter and cloud architectures, from keeping pace cost-effectively with fast-growing traffic
More informationDaaS Market Report Workspace Services and Desktops-as-a-Service Global Market Trends: The Service Provider Perspective
DaaS Market Report 2017 2017 Workspace Services and Desktops-as-a-Service Global Market Trends: The Service Provider Perspective Survey shows jump in traditional Value Added Resellers (VARs) embracing
More informationWelcome to the new Citrix Product Documentation site
Welcome to the new Citrix Product Documentation site The Citrix Information Experience team is pleased to bring you a redesigned product documentation site! The site was redesigned with our customers in
More informationWeb application firewall Delivering must-have protection for web applications
Web application firewall Delivering must-have protection for web applications Learn what traditional network security solutions can t do and why your organization needs a web application firewall as a
More informationCitrix ShareFile Enterprise: a technical overview citrix.com
Citrix ShareFile Enterprise: a technical overview White Paper Citrix ShareFile Enterprise: a technical overview 2 The role of IT organizations is changing rapidly as the forces of consumerization pose
More informationAdding XenMobile Users to an Existing XenDesktop Environment
XenMobile and XenDesktop Design Guide Adding XenMobile Users to an Existing XenDesktop Environment Understanding the Impact XenMobile and XenDesktop Design Guide 2 Table of Contents Project Overview 3
More informationWindows Server 2003 Migration with Citrix App and Desktop Delivery
Windows Server 2003 Migration with Citrix App and Desktop Delivery As you transition from Windows Server 2003, transform your app and desktop delivery strategy with the industry s leading solutions Citrix
More informationSecure XenApp and XenDesktop, Embrace the Flexibility
Secure XenApp and XenDesktop, Embrace the Flexibility Discover 10 reasons NetScaler is the best way to future-proof your infrastructure 1 As you refresh your network, it s important to understand that
More informationAccelerate Graphics in Virtual Environments
Accelerate Graphics in Virtual Environments Deliver rich graphics capabilities to more users through virtualized graphics technology from Citrix, Dell, and NVIDIA. Virtualization of graphics applications
More informationFeatures. HDX WAN optimization. QoS
May 2013 Citrix CloudBridge Accelerates, controls and optimizes applications to all locations: datacenter, branch offices, public and private clouds and mobile users Citrix CloudBridge provides a unified
More informationRemote access to enterprise PCs
Design Guide Remote access to enterprise PCs XenDesktop 7.5 Design Guide Table of Contents About FlexCast Services Design Guides 3 Project overview 3 Objective 3 Assumptions 4 Conceptual architecture 5
More informationSecure File Sharing and Real-Time Mobile Access to Business Data with Citrix ShareFile
Solutions Brief Secure File Sharing and Real-Time Mobile Access to Business Data with Citrix ShareFile An enterprise file sync and sharing solution built for the needs of the energy, oil and gas industry
More informationWhite paper. Keys to Oracle application acceleration: advances in delivery systems.
White paper Keys to Oracle application acceleration: advances in delivery systems. Table of contents The challenges of fast Oracle application delivery...3 Solving the acceleration challenge: why traditional
More informationBuild application-centric data centers to meet modern business user needs
Build application-centric data centers to meet modern business user needs Citrix.com Table of contents Meeting current business challenges...3 Device package integration...5 Policy-based service insertion...6
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationCisco ACI and Citrix NetScaler: Opening the Way to Data Center Agility
White Paper Cisco ACI and Citrix NetScaler: Opening the Way to Data Center Agility Business Agility Requires Data Center Agility Today s successful enterprises innovate and respond to change faster than
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationCitrix Consulting. Guide to Consulting Methodology and Services
Citrix Consulting Fact Sheet Citrix Consulting Guide to Consulting Methodology and Services 2010 www.citrix.com/consulting Citrix Consulting Methodology Through the use of proven methodologies, tools and
More informationCato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief
Cato Cloud Software-defined and cloud-based secure enterprise network Solution Brief Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise Cato Networks: Software-defined and Cloud-based
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationWHITE PAPER. Citrix NetScaler VPX. NetScaler VPX: Harness the Power of Virtualized Web App Delivery.
NetScaler VPX: Harness the Power of Virtualized Web App Delivery www.citrix.com Executive summary As Web applications have evolved from simple publishing applications to straightforward transactional applications
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationFive reasons to choose Citrix XenServer
Five reasons to choose Citrix XenServer The installation process, server management, workload performance, desktop and application delivery and cost of XenServer make it the clear choice in server virtualization
More informationCitrix XenDesktop White Paper. How to provide unmatched availability, performance and security for Citrix XenDesktop.
How to provide unmatched availability, performance and security for Citrix XenDesktop www.citrix.com Introduction Enterprise networks have traditionally been designed to optimize the delivery of applications
More informationIntegrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises
Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises AI-driven website & network protection service that secures online businesses from today's
More informationWhite Paper. Citrix NetScaler Deployment Guide
Citrix NetScaler Deployment Guide 2 Table of Contents Citrix NetScaler ADC Overview...3 Standard Edition...3 Enterprise Edition...3 Platinum Edition...4 Software Options...4 NetScaler ADC Features and
More informationis also based on Citrix NetScaler support for the Cisco Nexus 1110-S Virtual Services Appliance and related Cisco vpath traffic-steering technology.
Deliver the Next-Generation Intelligent Data Center with Cisco Nexus 7000 Series Switches, Citrix NetScaler Application Delivery Controller, and RISE Technology What You Will Learn The next-generation
More informationF5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe
F5 comprehensive protection against application attacks Jakub Sumpich Territory Manager Eastern Europe j.sumpich@f5.com Evolving Security Threat Landscape cookie tampering Identity Extraction DNS Cache
More informationOracle PeopleSoft 9.2 with NetScaler for Global Server Load Balancing
Oracle PeopleSoft 9.2 with NetScaler for Global Server Load Balancing This solution guide focuses on defining the deployment process for Oracle PeopleSoft with Citrix NetScaler for GSLB (Global Server
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More informationDeployment Guide. Policy Engine (PE) Deployment Guide. A Technical Reference
Deployment Guide Policy Engine (PE) Deployment Guide A Technical Reference Deployment Guide Notice: The information in this publication is subject to change without notice. THIS PUBLICATION IS PROVIDED
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationCitrix SD-WAN for Optimal Office 365 Connectivity and Performance
Solution Brief Citrix SD-WAN for Optimal Office 365 Connectivity and Performance Evolving Needs for WAN Network Architecture Enterprise networks have historically been architected to provide users access
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationDenyAll Protect. accelerating. Web Application & Services Firewalls. your applications. DenyAll Protect
DenyAll Protect DenyAll Protect Web Application & Services Firewalls Securing Sécuring & accelerating your applications Corporate or ecommerce website, email, collaborative tools, enterprise application
More informationNetScaler 2048-bit SSL Performance
WHITE PAPER NetScaler Performance NetScaler 2048-bit SSL Performance July 2010 www.citrix.com/netscaler Overview NetScaler 9.2 boosts SSL performance with 2048-bit keys 5X to meet the needs of customers
More informationPrecisionAccess Trusted Access Control
Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised
More informationWHITEPAPER. Security overview. podio.com
WHITEPAPER Security overview Podio security White Paper 2 Podio, a cloud service brought to you by Citrix, provides a secure collaborative work platform for team and project management. Podio features
More informationDeploying a Next-Generation IPS Infrastructure
Deploying a Next-Generation IPS Infrastructure Enterprises require intrusion prevention systems (IPSs) to protect their network against attacks. However, implementing an IPS involves challenges of scale
More informationSteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)
Internet Communications Made Safe SteelGate Overview SteelGate Overview SteelGate is a high-performance VPN firewall appliance that Prevent Eliminate threats & attacks at the perimeter Stop unauthorized
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationCyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA
Cyber Attacks and Application - Motivation, Methods and Mitigation Alfredo Vistola a.vistola@f5.com Solution Architect Security, EMEA Attacks are Moving Up the Stack Network Threats Application Threats
More informationAPPLICATION ACCESS MANAGEMENT (AAM)
SOLUTION BRIEF APPLICATION ACCESS MANAGEMENT (AAM) AUGMENT, OFFLOAD AND CONSOLIDATE ACCESS CONTROL Authentication and authorization are critical requirements for online communications. It is imperative
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationHow your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter
How your network can take on the cloud and win Think beyond traditional networking toward a secure digital perimeter Contents Introduction... 3 Reduce risk points with secure, contextualized access...
More informationDeliver a seamless user experience for Windows apps on Chromebooks
Deliver a seamless user experience for Windows apps on Chromebooks Citrix XenApp powers Chromebooks with business-critical apps to simplify your adoption of the Chrome OS computing platform. citrix.com
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More informationPulse Secure Application Delivery
DATA SHEET Pulse Secure Application Delivery HIGHLIGHTS Provides an Application Delivery and Load Balancing solution purposebuilt for high-performance Network Functions Virtualization (NFV) Uniquely customizable,
More informationCisco Start. IT solutions designed to propel your business
Cisco Start IT solutions designed to propel your business Small and medium-sized businesses (SMBs) typically have very limited resources to invest in new technologies. With every IT investment made, they
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationCato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN
Cato Cloud Software-defined and Cloud-based Secure Enterprise Network Solution Brief NETWORK + SECURITY IS SIMPLE AGAIN Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise The
More informationBIG-IP V11.3: PRODUCT UPDATE. David Perodin Field Systems Engineer III
BIG-IP V11.3: PRODUCT UPDATE David Perodin Field Systems Engineer III Contents V11.3 Product Update 1. BIG-IP v.11.3.0 (Local Traffic Manager & Access Policy Manager) 2. Advanced Firewall Module (AFM)
More informationWhite Paper. Deployment Practices and Guidelines for NetScaler 10.1 on Amazon Web Services. citrix.com
White Paper Deployment Practices and Guidelines for NetScaler 10.1 on Amazon Web Services Citrix NetScaler on Amazon Web Services (AWS) enables enterprises to rapidly and cost-effectively leverage world-class
More informationWhite Paper Taking Windows Mobile on Any Device Taking Windows Mobile on Any Device
White Paper Taking Windows Mobile on Any Device Taking Windows Mobile on Any Device Citrix.com As the adoption of mobile devices continues to expand, IT organizations are challenged to keep up with the
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT. Guidelines and Frequently Asked Questions
ARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT Guidelines and Frequently Asked Questions About NETSCOUT NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) assures digital business services against disruptions
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationSOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management
SOLUTION BRIEF CA API MANAGEMENT Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management 2 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com
More informationMaximum Security, Zero Compromise in Availability and Performance
Maximum Security, Zero Compromise in Availability and Performance Presented by: Teong Eng Guan MD ASEAN 2 2 Agenda Who is F5 and what to we do? IT Challenges Web Application Security Why & How? Total Defense
More informationAzure MFA Integration with NetScaler
Azure MFA Integration with NetScaler This guide focuses on describing the configuration required for integrating Azure MFA (Multi-Factor Authentication) with NetScaler. Citrix.com 1 NetScaler is a world-class
More informationArchitecture: Consolidated Platform. Eddie Augustine Major Accounts Manager: Federal
Architecture: Consolidated Platform Eddie Augustine Major Accounts Manager: Federal Current DoD Situation Stovepipes of Technology icontrol Customization irules Solutions Security Access Availability Load
More informationA revolution in cloud networking: Citrix TriScale Technology
A revolution in cloud networking: Citrix TriScale Technology Unprecedented scalability with Citrix NetScaler, the ADC of choice for VCE Vblock Systems 2 Executive Summary Citrix NetScaler and Tri-Scale
More informationAddressing Security, Governance and Performance Issues with an XML Gateway as part of a Service Oriented Architecture. Vic Morris CEO Vordel
Addressing Security, Governance and Performance Issues with an XML Gateway as part of a Service Oriented Architecture Vic Morris CEO Vordel Service Oriented Architecture Simple projects implement light
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationDeploying a Next-Generation IPS Infrastructure
Deploying a Next-Generation IPS Infrastructure Enterprises require intrusion prevention systems (IPSs) to protect their network against attacks. However, implementing an IPS involves challenges of scale
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationOverview. Application security - the never-ending story
RIVERBED STINGRAY APPLICATION FIREWALL Securing Cloud Applications with a Distributed Web Application Firewall Overview Responsibility over IT security is moving away from the network and IT infrastructure
More informationSafeguarding Cardholder Account Data
Safeguarding Cardholder Account Data Attachmate Safeguarding Cardholder Account Data CONTENTS The Twelve PCI Requirements... 1 How Reflection Handles Your Host-Centric Security Issues... 2 The Reflection
More informationIBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights
IBM Secure Proxy Advanced edge security for your multienterprise data exchanges Highlights Enables trusted businessto-business transactions and data exchange Protects your brand reputation by reducing
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationSecurity in Higher Education: A Model for the Modern Institution
Security in Higher Education: A Model for the Modern Institution The University of Florida protects apps and data while freeing students, faculty and staff to work anywhere on any device Introduction Institutions
More informationVirtustream Cloud and Managed Services Solutions for US State & Local Governments and Education
Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS
More informationRSA Solution Brief. The RSA Solution for Cloud Security and Compliance
The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationThe Emerging Role of a CDN in Facilitating Secure Cloud Deployments
White Paper The Emerging Role of a CDN in Facilitating Secure Cloud Deployments Sponsored by: Fastly Robert Ayoub August 2017 IDC OPINION The ongoing adoption of cloud services and the desire for anytime,
More informationNETWORKING &SECURITY SOLUTIONSPORTFOLIO
NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO Acomprehensivesolutionsportfoliotohelpyougetyourbusiness securelyconnected.clickononeofoursolutionstoknowmore NETWORKING
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More informationApplication and Data Security with F5 BIG-IP ASM and Oracle Database Firewall
F5 White Paper Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall Organizations need an end-to-end web application and database security solution to protect data, customers,
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationIBM Security Access Manager
IBM Access Manager Take back control of access management with an integrated platform for web, mobile and cloud Highlights Protect critical assets with risk-based and multi-factor authentication Secure
More informationCitrix XenApp and XenDesktop 7.15 LTSR FIPS Sample Deployments
Citrix XenApp and XenDesktop 7.15 LTSR FIPS 140-2 Sample Deployments Contents Introduction... 2 Audience... 2 Security features introduced in XenApp and XenDesktop 7.15 LTSR... 2 FIPS 140-2 with XenApp
More information